b01edebac129b5c4fad6171d503a0e697b8214a7f975003552cbf07fb13a21b2 | Triage

Sharing

General

Target

b234bd853e75cbc6d0c6e33e37fcd63b_JaffaCakes118
Size

96KB
Sample

240821-ftmydavekq
MD5

b234bd853e75cbc6d0c6e33e37fcd63b
SHA1

0ac02b6b6a4085a90a345565e9f346383c1fd9cd
SHA256

b01edebac129b5c4fad6171d503a0e697b8214a7f975003552cbf07fb13a21b2
SHA512

b1ac05e00cf281c0ad9a8feb9419d4e46a35106259b9087520fef98d6ca93315769d7c0921fc77faa42f56ceedd1b334d711da1102a2982f4594f881ed6aee83
SSDEEP

1536:Tz704ZDR02XkjPQxokAR9FuY4Ak/dqsZwVeqBqfPN+zMFtvgeKq9vVoAu:Tz70i0wkb9FuddqsZqBqfPN/FtDKUvVI

Score

8^/10

discovery persistence privilege_escalation

Malware Config

Targets

- Target
  
  b234bd853e75cbc6d0c6e33e37fcd63b_JaffaCakes118
- Size
  
  96KB
- MD5
  
  b234bd853e75cbc6d0c6e33e37fcd63b
- SHA1
  
  0ac02b6b6a4085a90a345565e9f346383c1fd9cd
- SHA256
  
  b01edebac129b5c4fad6171d503a0e697b8214a7f975003552cbf07fb13a21b2
- SHA512
  
  b1ac05e00cf281c0ad9a8feb9419d4e46a35106259b9087520fef98d6ca93315769d7c0921fc77faa42f56ceedd1b334d711da1102a2982f4594f881ed6aee83
- SSDEEP
  
  1536:Tz704ZDR02XkjPQxokAR9FuY4Ak/dqsZwVeqBqfPN+zMFtvgeKq9vVoAu:Tz70i0wkb9FuddqsZqBqfPN/FtDKUvVI
Score

8^/10

discovery persistence privilege_escalation
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation

behavioral2

discoverypersistenceprivilege_escalation